
Broken access grant if restricted again without path

Open Erikvv opened this issue 3 years ago • 1 comment

If I restrict an access grant with a bucket restriction, and then restrict it again without the bucket restriction, it doesn't work any more.

So this one works:

"caveats": [
  {
    "allowed_paths": [
      {
        "bucket": "orbiter"
      }
    ],
    "nonce": "i/YSMg=="
  },
  {
    "allowed_paths": [
      {
        "bucket": "orbiter"
      }
    ],
    "nonce": "8I36Ew=="
  }
],

But this one doesn't:

"caveats": [
  {
    "allowed_paths": [
      {
        "bucket": "orbiter"
      }
    ],
    "nonce": "i/YSMg=="
  },
  {
    "allowed_paths": [
      {
        "bucket": "orbiter"
      }
    ],
    "nonce": "8I36Ew=="
  },
  {
    "nonce": "cL1+Bg=="
  }
],

It will say I don't have permission to upload or download from the bucket.

Erikvv, Jan 12 '22 10:01

I can see how this came into existence because if you restrict to "bucket1" and then to "bucket2" the restrictions compound and you've got a useless access grant. But uplink actually prevents you from doing this (Error: missing encryption base), but not the scenario above. And I think it should be possible.

Erikvv, Jan 12 '22 10:01
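The attenuation rule this issue expects, as an added example that is not uplink's code or the poster's: every caveat in the chain must permit the request, and a caveat without `allowed_paths` is assumed to add no path restriction. `Caveat`, `Allows` and the two constants are hypothetical names, and the inputs are constructed from the JSON shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Caveat mirrors only the allowed_paths field visible in the issue's JSON dump.
type Caveat struct {
	AllowedPaths []struct {
		Bucket string `json:"bucket"`
	} `json:"allowed_paths"`
}

// Allows decodes a JSON caveat list and reports whether every caveat permits
// the bucket. Assumed semantics (not taken from uplink's source): a caveat
// with no allowed_paths adds no path restriction, so it is skipped.
func Allows(doc, bucket string) (bool, error) {
	var chain []Caveat
	if err := json.Unmarshal([]byte(doc), &chain); err != nil {
		return false, err
	}
	for _, c := range chain {
		if len(c.AllowedPaths) == 0 {
			continue // nonce-only caveat: nothing to narrow
		}
		ok := false
		for _, p := range c.AllowedPaths {
			ok = ok || p.Bucket == bucket
		}
		if !ok {
			return false, nil // one refusing caveat denies the whole chain
		}
	}
	return true, nil
}

// Constructed inputs: the failing chain from the issue, then bucket1/bucket2.
const ReRestricted = `[{"allowed_paths":[{"bucket":"orbiter"}],"nonce":"i/YSMg=="},
 {"allowed_paths":[{"bucket":"orbiter"}],"nonce":"8I36Ew=="},{"nonce":"cL1+Bg=="}]`
const Disjoint = `[{"allowed_paths":[{"bucket":"bucket1"}]},{"allowed_paths":[{"bucket":"bucket2"}]}]`

func main() {
	for _, doc := range []string{ReRestricted, Disjoint} {
		ok, err := Allows(doc, "orbiter")
		fmt.Println(ok, err)
	}
}
```

Under this rule the three-caveat chain still grants `orbiter` and nothing else, while the bucket1-then-bucket2 chain grants no bucket at all, so adding a caveat can only narrow access or leave it unchanged.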